Tuesday, July 26, 2011

Just emerging from the disorientation and exhilaration of SANSFire 2011, a huge computer security training event with weekend and weeklong courses, vender demos, and some really cool one-off presentations. (My highlight – a unified “lessons learned” assessment of the Tōhoku earthquake/tsunami, the Fukushima meltdown and the Sony Hack by Japanese security analyst Tomohisa Ishikawa.)

One of the traditional special events is the annual State of the Internet roundtable, where the Internet Storm Center handlers take questions on the year’s internet security events. Topics include big attack vectors and stories, the tech media, and – this being D.C. – politics and the military. I asked a pretty spontaneous question, inspired by a previous one about getting involved in computer security that hadn’t really been answered terribly broadly (“become a consultant”).

This isn't really my millieu. At the time, I didn’t really have any answers in mind to my question (I have some ideas now), and it seemed to catch the panel off guard as well, with most of their answers overlooking the activism aspect. (To be fair, their focus is tech analysis, not activism, and my question was a bit off topic.) So, I turn to you, my scattering of dedicated readers, for your thoughts:

Anonymous and Lulzsec and other popular “hacking” groups in the media right now seem to exist in a miasma of criminality and pranksterism, but also genuine activism. Who do you see out there right now providing a positive outlet for legitimate technical activism?

I’ll follow up with my own ideas later, but I want to hear from you, first.